Search Results (6872 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8517 2 Apple, Netbsd 2 Mac Os X, Netbsd 2025-04-12 N/A
The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in NetBSD 5.1 through 5.1.4, 5.2 through 5.2.2, 6.0 through 6.0.6, and 6.1 through 6.1.5 allows remote attackers to execute arbitrary commands via a | (pipe) character at the end of an HTTP redirect.
CVE-2014-8602 4 Canonical, Debian, Nlnetlabs and 1 more 4 Ubuntu Linux, Debian Linux, Unbound and 1 more 2025-04-12 N/A
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
CVE-2014-9622 1 Gentoo 1 Xdg-utils 2025-04-12 N/A
Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.
CVE-2015-2846 1 Bittorrent 1 Sync 2025-04-12 N/A
BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link.
CVE-2015-0538 1 Emc 1 Autostart 2025-04-12 N/A
ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets.
CVE-2015-1561 1 Centreon 1 Centreon 2025-04-12 N/A
The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon 19.10.0) uses an incorrect regular expression, which allows remote authenticated users to execute arbitrary commands via shell metacharacters in the ns_id parameter.
CVE-2015-3408 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 N/A
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
CVE-2015-3409 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 N/A
Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain privileges via a Trojan horse module under the current working directory, as demonstrated by a Trojan horse Text::Diff module.
CVE-2015-3441 1 Genexia 1 Drgos 2025-04-12 N/A
The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter.
CVE-2015-3678 1 Apple 1 Mac Os X 2025-04-12 N/A
AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified Thunderbolt commands.
CVE-2015-4525 1 Emc 1 Isilon Onefs 2025-04-12 N/A
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
CVE-2015-5190 2 Pacemaker\/corosync Configuration System Project, Redhat 2 Pacemaker\/corosync Configuration System, Enterprise Linux 2025-04-12 N/A
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
CVE-2015-5220 1 Redhat 3 Jboss Enterprise Application Platform, Jboss Operations Network, Jboss Wildfly Application Server 2025-04-12 N/A
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header.
CVE-2015-5262 3 Apache, Canonical, Fedoraproject 3 Httpclient, Ubuntu Linux, Fedora 2025-04-12 N/A
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
CVE-2015-5274 1 Redhat 1 Openshift 2025-04-12 N/A
rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker.
CVE-2015-5349 1 Apache 2 Directory Studio, Ldap Studio 2025-04-12 7.8 High
The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imported into a spreadsheet.
CVE-2015-5963 4 Canonical, Djangoproject, Oracle and 1 more 4 Ubuntu Linux, Django, Solaris and 1 more 2025-04-12 N/A
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.
CVE-2015-5964 4 Canonical, Djangoproject, Oracle and 1 more 4 Ubuntu Linux, Django, Solaris and 1 more 2025-04-12 N/A
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.
CVE-2015-6912 1 Synology 1 Video Station 2025-04-12 N/A
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
CVE-2015-7839 1 Solarwinds 1 Log And Event Manager 2025-04-12 N/A
SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the traceroute functionality.